Being involved in bug bounties, don't be fooled by what happened here. This is exactly a case of extortion: the hacker had downloaded user data from Uber, and was paid off in order to delete the files. This differs from an actual bug bounty payout, where a hacker would be disqualified for extracting user information.
After reading the article, it certainly sounds like a regular bug bounty case; maybe the reaction was an overreaction.
Keep in mind this article was written by Mike Isaac, who has been a thorn in the side of Uber all throughout 2017. I highly, highly doubt after all the anti-Uber articles he's written that he's an Uber shill, someone who is pro-Uber, or someone who would just blindly believe whatever Uber PR told him.
The tone is distinctively even-tempered, which leads me to believe that maybe it should be taken at face value and it wasn't a coverup at all.
Many larger companies have policies surrounding the paying of ransoms for kidnapping. How is paying this "bounty" any different from paying such a ransom?
Sorry, but is there a better record on this issue? This article just tries to connect vaguely described events into a story. Very poor journalism, reading this is a waste of time. Was the vulnerability a dumb mistake or an unexpected exploit? Was it disclosed to the company in advance? How does this case differ from other cases so that there are four lawsuits now and why has everyone been fired? Because they created a bug bounty system that resulted in bug disclosure? Nothing appears to make sense and the journalist doesn't worry at all.
no more uber stories pls. kthanks.
I hope some blackhat just burns them instead of negotiating chump change.